* [PATCH network] SNAT: handle interface lookup failures gracefully
@ 2026-04-20 14:35 Lukas Sichert
0 siblings, 0 replies; only message in thread
From: Lukas Sichert @ 2026-04-20 14:35 UTC (permalink / raw)
To: pve-devel; +Cc: Lukas Sichert
When an IPv6 subnet is created in a Simple or EVPN zone, the setup code
runs `ip route get 2001:4860:4860::8888` to determine the outgoing
interface. If the host has no IPv6 address configured, this command
fails and aborts the loop that iterates over the plugin's subnets.
Since the error is only handled at a higher layer, any subnets that
would be processed later in the loop are skipped.
Wrap the function that performs the route lookup in an eval block. If
the lookup fails, write the error to the system log and continue
processing the remaining subnets in the loop.
Signed-off-by: Lukas Sichert <l.sichert@proxmox.com>
---
src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 12 ++++++++++--
src/PVE/Network/SDN/Zones/SimplePlugin.pm | 12 ++++++++++--
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 8e7ddfd..a12922b 100644
--- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -11,6 +11,7 @@ use PVE::INotify;
use PVE::Cluster;
use PVE::Tools;
use Net::IP;
+use PVE::SafeSyslog;
use PVE::Network::SDN::Controllers::EvpnPlugin;
@@ -252,8 +253,15 @@ sub generate_sdn_config {
if ($subnet->{snat}) {
#find outgoing interface
- my ($outip, $outiface) =
- PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+ my ($outip, $outiface);
+ eval {
+ ($outip, $outiface) =
+ PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+ };
+ if ($@) {
+ syslog("warn", "interface for SNAT could not be resolved: $@");
+ next;
+ }
if ($outip && $outiface && $is_evpn_gateway) {
#use snat, faster than masquerade
push @iface_config,
diff --git a/src/PVE/Network/SDN/Zones/SimplePlugin.pm b/src/PVE/Network/SDN/Zones/SimplePlugin.pm
index f5cd18e..8ae7630 100644
--- a/src/PVE/Network/SDN/Zones/SimplePlugin.pm
+++ b/src/PVE/Network/SDN/Zones/SimplePlugin.pm
@@ -7,6 +7,7 @@ use PVE::Network::SDN::Dhcp;
use PVE::Exception qw(raise raise_param_exc);
use PVE::Cluster;
use PVE::Tools;
+use PVE::SafeSyslog;
use base('PVE::Network::SDN::Zones::Plugin');
@@ -112,8 +113,15 @@ sub generate_sdn_config {
push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
if ($subnet->{snat}) {
#find outgoing interface
- my ($outip, $outiface) =
- PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+ my ($outip, $outiface);
+ eval {
+ ($outip, $outiface) =
+ PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+ };
+ if ($@) {
+ syslog("warn", "interface for SNAT could not be resolved: $@");
+ next;
+ }
if ($outip && $outiface) {
#use snat, faster than masquerade
push @iface_config,
--
2.47.3
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-20 14:35 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-20 14:35 [PATCH network] SNAT: handle interface lookup failures gracefully Lukas Sichert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox